Groups
Genian Insights E allows you to organize Endpoints into groups based on specific conditions, and to set the Threat Detection & Response Policy per group. If you do not create a group, all Endpoints are included in the default group in the Analysis > Endpoints > Groups menu.
A single Endpoint can be included in multiple groups depending on the conditions, but following the policy creation order, the ‘high list group policy’ is applied: of the groups whose conditions the Endpoint matches, the policy of the group higher in the list takes effect.
Create group
- Go to Analysis > Endpoints > Groups menu and click the ‘Add’ button in the upper left corner to create a new group.
- A pop-up window for adding a new group appears. Set the group name, the basic operation, and the group to copy, then click the ‘Create’ button.
Item | Description |
---|---|
Group Name | Enter a group name. |
Basic Operation | AND - When using more than one condition, all conditions must be satisfied to be included in the group. OR - When using more than one condition, the Endpoint is included in the group even if only one of the conditions is satisfied. |
Select group to copy | Select a group to copy the condition from among the already created groups. |
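The AND/OR basic operation and the list-order rule described above can be checked on paper before building groups in the console. The following is an added example, not Genian Insights E code: the group names, policy names and Endpoint fields are constructed, and it assumes that ‘high list’ means the matching group nearest the top of the list and that an Endpoint matching no group falls back to the default group's policy.

```python
# Illustrative model only, not product code. Group names, policy names and
# endpoint fields are constructed for this example.
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    policy: str
    operation: str = "AND"                      # "Basic Operation": AND or OR
    conditions: list = field(default_factory=list)

    def matches(self, ep):
        # Assumption: a group without conditions collects no Endpoints.
        # Without this guard, all([]) would make an empty AND group match all.
        if not self.conditions:
            return False
        results = (cond(ep) for cond in self.conditions)
        return all(results) if self.operation == "AND" else any(results)

def memberships(ep, groups):
    """Every group whose conditions the Endpoint satisfies."""
    return [g.name for g in groups if g.matches(ep)]

def effective_policy(ep, groups, default_policy="default-policy"):
    """Policy of the first matching group, reading the list top-down."""
    for g in groups:
        if g.matches(ep):
            return g.policy
    return default_policy                       # assumed default-group fallback

# Constructed sample data: list order is top of the group list first.
GROUPS = [
    Group("Finance laptops", "strict-response", "AND",
          [lambda e: e["dept"] == "finance", lambda e: e["type"] == "laptop"]),
    Group("Windows or laptops", "baseline-detect", "OR",
          [lambda e: e["os"] == "windows", lambda e: e["type"] == "laptop"]),
]
ENDPOINTS = {
    "fin-lt-01": {"dept": "finance", "type": "laptop", "os": "windows"},
    "dev-ws-07": {"dept": "dev", "type": "desktop", "os": "windows"},
    "ops-srv-02": {"dept": "ops", "type": "server", "os": "linux"},
}

def audit(endpoints, groups):
    """Map each Endpoint to (groups it matches, policy it actually receives)."""
    return {name: (memberships(ep, groups), effective_policy(ep, groups))
            for name, ep in endpoints.items()}

if __name__ == "__main__":
    for name, (member_of, policy) in audit(ENDPOINTS, GROUPS).items():
        print(f"{name}: groups={member_of} policy={policy}")
```

Reversing the order of `GROUPS` changes the policy that `fin-lt-01` receives, which is the case to review when a broad OR group sits above a narrower, stricter one.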
Group Condition Settings
- After creating a group, click the group name to move to the group condition settings screen and set the conditions to be included in the group.
- Click the Add button to set the conditions. After setting the condition, click the check button to save the condition setting.
- After saving, click the ‘Apply group condition immediately’ button so that the server knows which Endpoints meet the group condition.
- When you click the Apply group condition immediately button, you are automatically moved to the list screen containing the Endpoints set in step 3.
Modify group condition
- To edit or delete group conditions, click the ‘Group Condition Settings’ button on the group condition detail screen.
- After adding or deleting conditions on the detailed condition settings screen, click the ‘Apply Now’ button so that the changes are reflected in the server immediately.
Policy Settings
Note
In Policy > Group Policies, you can set the policy for event collection, detection, and response.
After setting the Endpoints group, you can set the policy in the ‘Policy Settings’ list for that group.
- First, set the policy for event collection, detection, and response in Policy > Group Policies according to the manual.
- From the list of policies created in step 1, select the policy to be applied to the Endpoints group and click the ‘Apply immediately’ button.
- When the policy application confirmation pop-up window appears, click the OK button.
- The policy changes are reflected in the server. To deliver the changed policy to Endpoints, click the ‘Apply Now’ button in the upper right corner.